From fa993d524219d3c3d227135751032d253098aa7f Mon Sep 17 00:00:00 2001
From: Michael Brown
Date: Fri, 27 Feb 2026 13:25:45 +0000
Subject: [PATCH] [tls] Transmit a closure alert when closing the connection

Signed-off-by: Michael Brown
---
 src/net/tls.c | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/src/net/tls.c b/src/net/tls.c
index d100b9daa..c1182bbcd 100644
--- a/src/net/tls.c
+++ b/src/net/tls.c
@@ -198,6 +198,8 @@ static LIST_HEAD ( tls_sessions );
 static void tls_tx_resume_all ( struct tls_session *session );
 static struct io_buffer * tls_alloc_iob ( struct tls_connection *tls,
 size_t len );
+static int tls_send_alert ( struct tls_connection *tls, unsigned int level,
+ unsigned int description );
 static int tls_send_record ( struct tls_connection *tls, unsigned int type,
 struct io_buffer *iobuf );
 static int tls_send_plaintext ( struct tls_connection *tls, unsigned int type,
@@ -420,6 +422,9 @@ static void free_tls ( struct refcnt *refcnt ) {
 */
 static void tls_close ( struct tls_connection *tls, int rc ) {
 
+ /* Send closure alert */
+ tls_send_alert ( tls, TLS_ALERT_WARNING, TLS_ALERT_CLOSE_NOTIFY );
+
 /* Remove pending operations, if applicable */
 pending_put ( &tls->client.negotiation );
 pending_put ( &tls->server.negotiation );
@@ -1998,6 +2003,29 @@ static int tls_send_finished ( struct tls_connection *tls ) {
 return 0;
 }
 
+/**
+ * Transmit Alert record
+ *
+ * @v tls TLS connection
+ * @v level Alert level
+ * @v description Alert description
+ * @ret rc Return status code
+ */
+static int tls_send_alert ( struct tls_connection *tls, unsigned int level,
+ unsigned int description ) {
+ const struct {
+ uint8_t level;
+ uint8_t description;
+ } __attribute__ (( packed )) alert = {
+ .level = level,
+ .description = description,
+ };
+
+ /* Send record */
+ return tls_send_plaintext ( tls, TLS_TYPE_ALERT, &alert,
+ sizeof ( alert ) );
+}
+
 /**
 * Receive new Change Cipher record
 *
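Review bot: The close_notify added at the top of tls_close() is sent on every close regardless of `rc`, and its return status is discarded. close_notify is what lets the peer tell an orderly end of data from a truncated stream, so sending it while tearing the connection down for an error (non-zero `rc`) would report a clean shutdown that did not happen. If tls_close() can be reached that way, guard the call with `if ( rc == 0 )`, or state in the comment why the unconditional send is intended. The dropped result looks like deliberate best effort and is worth saying so: `/* Send closure alert (best effort: a failed send must not prevent the close) */`. The rest of tls_close() lies outside the hunk, so whether the cipherstream is still usable at this point on every path cannot be confirmed from here.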
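Review bot: The docstring for tls_send_alert() leaves out two things a later caller needs. First, `level` and `description` arrive as `unsigned int` but are stored into `uint8_t` fields, so a value above 255 is silently truncated. Second, the helper only passes the record to tls_send_plaintext() and does nothing to tear the connection down, which matters because it accepts any alert level, including fatal ones. Suggested addition to the comment block: ` * Values are truncated to 8 bits. The caller remains responsible for closing the connection after sending a fatal alert.`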